[go: up one dir, main page]

CN110313164A - A kind of method and apparatus for uplink - Google Patents

A kind of method and apparatus for uplink Download PDF

Info

Publication number
CN110313164A
CN110313164A CN201780083603.4A CN201780083603A CN110313164A CN 110313164 A CN110313164 A CN 110313164A CN 201780083603 A CN201780083603 A CN 201780083603A CN 110313164 A CN110313164 A CN 110313164A
Authority
CN
China
Prior art keywords
bit group
layer
modification
information
bit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201780083603.4A
Other languages
Chinese (zh)
Other versions
CN110313164B (en
Inventor
张晓博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Langbo Communication Technology Co Ltd
Original Assignee
Nantong Langheng Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nantong Langheng Communication Technology Co ltd filed Critical Nantong Langheng Communication Technology Co ltd
Priority to CN202210650071.0A priority Critical patent/CN115226099A/en
Publication of CN110313164A publication Critical patent/CN110313164A/en
Application granted granted Critical
Publication of CN110313164B publication Critical patent/CN110313164B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/06Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of method and apparatus for uplink.UE executes the second operation in the second layer first;Then the first operation is executed in first layer.Wherein, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.The present invention is able to satisfy the QoS demand and security requirement of different business.In addition, improving the access net confidentiality of uplink present invention reduces the delay of the access net of uplink.

Description

A kind of method and apparatus for uplink Technical field
The present invention relates to the schemes of the uplink in wireless communication system, more particularly to the method and apparatus of safe transmission.
Background technique
In LTE (Long Term Evolution) system, Packet Data Convergence Protocol (PDCP, Packet Data Convergence Protocol) layer is located at wireless spread-spectrum technology (RLC, Radio Link Control) on layer, Internet Communication Protocol (IP, Internet Protocol) under layer or under wireless heterogeneous networks (RRC, Radio Resource Control) layer.PDCP layers of support header-compressed (Header Compression) function mainly use robust header compression (ROHC, Robust Header Compression) algorithm.Header-compressed is mainly used for carrying out header-compressed to IP packet.Header-compressed is mainly for Data Radio Bearer (DRB, Data Radio Bearer).PDCP layers are also supported security function, mainly include integrity protection (integrity protection) and encryption (ciphering).Wherein integrity protection is encrypted mainly for Signaling Radio Bearer (SRB, Signaling Radio Bearer) mainly for Data Radio Bearer and Signaling Radio Bearer.
There are multiple business in NR (New Radio) system, and the QoS of different business is different, while the requirement to security function is also different.In NR system, different business may be transmitted in different networks slice.Network slice is a logical network, including core net and access net.
Summary of the invention
Inventors discovered through research that: if be similar to, LTE system is such, and NR system only carries out safety operation to data at PDCP layers, then needs to carry out network for each network slice to be sliced exclusive safety operation for PDCP layers, will increase PDCP layers of complexity in this way.
Inventor through further research, it has been found that: for the business of delay sensitive, the time delay of access net side can be can increase in the safety operation that access net side carries out;Business higher for some security requirements may increase a possibility that access net side is divulged a secret accessing the encryption that net side carries out.
According to the research of foregoing invention people, different business in NR system may using different encryption and The entity of integrity protection operation.These entities can belong to different network slices, in different protocol entities.For uplink, user equipment encrypts data (header+load) in Non-Access Stratum, and user equipment carries out header-compressed to the data (header+load) encrypted that upper layer issues in PDCP transmitting terminal.The receiving end base station side PDCP is unable to correct decompressed.
In view of the above-mentioned problems, the present invention provides solutions.It should be noted that in the absence of conflict, the feature in embodiments herein and embodiment can be arbitrarily combined with each other.Such as the feature in the embodiment and embodiment in the UE of the application may be used in base station, vice versa.
The invention discloses a kind of methods in user equipment that be used to wirelessly communicate, wherein includes the following steps:
Step A. executes the second operation in the second layer;
Step B. executes the first operation in first layer
Wherein, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.
As one embodiment, first bit group is internet protocol (IP, Internet Protocol) header, second bit group is Internet Communication Protocol (IP, Internet Protocol) packet Payload (load).
As a sub- embodiment of above-described embodiment, the bit group of second modification is a PDCP SDU (Service Data Unit, service data unit).
As one embodiment, the second layer is the upper layer of the first layer.
As one embodiment, the first layer is PDCP layers, and the second layer is Non-Access Stratum (NAS, Non Access Stratum).
In above-described embodiment, first operation with second operation is completed in two different layers, and above-described embodiment reduces the delay of access net, while improving the safety of access net.
As one embodiment, the first layer includes PDCP layers and RRC (Radio Resource Control, wireless heterogeneous networks) layer, and the second layer is Non-Access Stratum.
As a sub- embodiment of above-described embodiment, the bit group of first modification and second modification Bit group belong to the same PDCP PDU (Protocol Data Unit, protocol Data Unit).
As one embodiment, the second layer and whether the first layer is identical to configure.
As one embodiment, for the compression, the quantity of the bit of input is greater than the quantity of the bit of output.
As one embodiment, the compression is robust header compression (ROHC, Robust Header Compression).
As one embodiment, the compression is exemplary compression algorithm in TS36.323 table 5.5.1.1.
As one embodiment, the encryption is to guarantee that data keep secret between originator and receiving end.
As one embodiment, the encryption is initial data and a string of keys add and cover.
It is described plus to cover be that two data are done or operated as a sub- embodiment.
As a sub- embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As a sub- embodiment, a string of keys include PDCP sequence number (PDCP SN).
As a sub- embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the encryption is the Encryption Algorithm of TS36.323 description.
As one embodiment, the integrity protection is added by Message Authentication Code-integrality (MAC-I, Message Authentication Code-Integrity) and data covers realization.
As a sub- embodiment, the Message Authentication Code-integrality is realized by protection algorithm integrallty.
As a sub- embodiment, the input parameter of the integral algorithm protection includes Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, the input parameter of the integral algorithm protection includes radio bearer identification (Radio Bearer ID).
As a sub- embodiment, the input parameter of the integral algorithm protection includes PDCP sequence number (PDCP SN).
As a sub- embodiment, the input parameter of the protection algorithm integrallty includes the first security key.
As a sub- embodiment, the input parameter of the protection algorithm integrallty includes data.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps A1, and the step B further includes following steps B1:
Step A1. transmits the bit group of the first bit group and second modification to the first layer from the second layer;
Step B1. transmits the first bit set to lower layer from the first layer.
Wherein, first bit set includes the bit group of first modification and the bit group of second modification.
As one embodiment, first bit set is a PDCP PDU.
As one embodiment, first bit set is the high-rise PDU an of uplink.
As one embodiment, first bit set is the PDCP PDU an of uplink.
As one embodiment, first bit set includes { PDCP header, the bit group of first modification, the bit group of second modification }.
As one embodiment, the first layer is PDCP layers, and the lower layer is rlc layer.
As one embodiment, the first layer includes PDCP layers and RRC (Radio Resource Control, wireless heterogeneous networks) layer, and the second layer is Non-Access Stratum, and the lower layer includes rlc layer.
As one embodiment, the second layer is Non-Access Stratum (NAS, Non Access Stratum).
As one embodiment, the second layer is PDCP layers.
As one embodiment, the second layer is by supporting the network measurement equipment of 3GPP Rel-15 version to safeguard.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A10. receives the first information.
Wherein, the first information is used for first operation and second operation.
As one embodiment, the first information is carried in RRC signaling.
As one embodiment, the first information is carried in NAS information.
As one embodiment, the first information is carried in high-level signaling.
As one embodiment, the first information is related to S1 signaling.
As one embodiment, the first information and the first service groups are associated.First service groups include one or more kinds of business.
As one embodiment, the first information includes the first security key, and first security key is configured by high level.
As one embodiment, first security key is KASME.
As one embodiment, the encryption is used for PDCP layers of signal radio bearer (SRB, Signaling Radio Bearer) and Data Radio Bearer (DRB, Data Radio Bearer).
As one embodiment, the integrity protection is used for PDCP layers of signal radio bearer (SRB, Signaling Radio Bearer).
As one embodiment, the second security key that the encryption needs is obtained from the first security key.
As one embodiment, second security key is KRRCenc.
As one embodiment, second security key is KUPenc.
As one embodiment, the third security key that the integrity protection needs is obtained from the first security key.
As one embodiment, the third security key is KRRCint.
As one embodiment, the sender of the first information is to support 3GPP Rel-15 and the later base station equipment of version.
As one embodiment, the sender of the first information is base station equipment.
As one embodiment, the sender of the first information is user grouping system (UPS, User Packet System).
As one embodiment, the first information is generated in the NAS layer of network side equipment.
As one embodiment, the first information is generated in the second layer of network side equipment.
As one embodiment, the first information generates in user grouping system (UPS, User Packet System).
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A11. receives the second information.
Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, second information is carried in RRC signaling.
As one embodiment, second information is carried in NAS information.
As one embodiment, second information and the first service groups are associated.First service groups include one or more kinds of business.
As one embodiment, second information is applied to the first radio bearer.First bit group and second bit group are transmitted in first radio bearer.
As one embodiment, second information is generated by base station equipment.
As one embodiment, second information is generated in the second layer of network side equipment.
As one embodiment, second information is generated in the NAS layer of network side equipment.
As one embodiment, second information is generated in the PDCP layer of network side equipment.
As one embodiment, second information indicates the first layer and the second layer is all PDCP layers.
As one embodiment, second information indicates the first layer and the second layer is all NAS layers.
Specifically, according to an aspect of the present invention, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
As one embodiment, the qos requirement of the business is separate configurations.
As one embodiment, the corresponding safety requirements of the business is separate configurations.
As one embodiment, first service groups are a network slices.
As one embodiment, all business in first service groups share identical safety requirements.
As one embodiment, all business in first service groups share identical qos requirement.
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, and the second layer is Non-Access Stratum.
The invention discloses a kind of methods in base station equipment that be used to wirelessly communicate, wherein includes the following steps:
Step A. executes the third operation in { third operation, the 4th operation } in first layer.
Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
As one embodiment, in above-mentioned aspect, the 4th operation is not performed in the first layer.
As one embodiment, connected between the first layer and the second layer by S1 interface.
As one embodiment, first bit group is Internet Communication Protocol (IP, Internet Protocol) header, and second bit group is IP packet Payload (load).
As a sub- embodiment of above-described embodiment, the bit group of second modification is a PDCP SDU.
As one embodiment, first bit set is a PDCP PDU.
As one embodiment, first bit set is the high-rise PDU an of uplink.
As one embodiment, first bit set is the PDCP PDU an of uplink.
As one embodiment, first bit set includes { PDCP header, the bit group of first modification, the bit group of second modification }.
As one embodiment, for the decompression, the quantity of the bit of output is greater than the quantity of the bit of input.
As one embodiment, the decompression be compare original header and compressed header compressed before header.
As one embodiment, the decompression is the inverse operation to robust header compression (ROHC, Robust Header Compression) algorithm.
As one embodiment, the decompression is the inverse operation to exemplary compression algorithm in TS36.323 table 5.5.1.1.
As one embodiment, the decryption is that initial data and a string of keys go to cover.
As a sub- embodiment, described to go to cover be that data and mask do or operate.
As a sub- embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As a sub- embodiment, a string of keys include PDCP sequence number (PDCP SN).
As a sub- embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the decryption is the decipherment algorithm of TS36.323 description.
As one embodiment, the integrity verification is realized by comparing X Message Authentication Code-integrality (XMAC-I, Message Authentication Code-Integrity) and Message Authentication Code-integrality.
As a sub- embodiment, the X Message Authentication Code-integrality is consistent with Message Authentication Code-integrality, then integrity verification passes through, on the contrary then do not pass through.
As a sub- embodiment, the X Message Authentication Code-integrality is realized by integrity verification algorithm.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes radio bearer identification (Radio Bearer ID).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes PDCP sequence number (PDCP SN).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes the first security key.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes data.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A1. receives the first bit set from lower layer;The bit group of the first bit group and second modification is transmitted to the second layer.
Wherein, first bit set includes the bit group of first modification and the bit group of second modification.4th operation is performed in the second layer.
As one embodiment, the second layer is by the plant maintenance except the base station equipment.
As one embodiment, the second layer is by core-network side plant maintenance.
As a sub- embodiment, the core-network side equipment is to belong to family grouping system (UPS, User Packet System).
As one embodiment, the second layer is the upper layer of the first layer.
As one embodiment, the first layer is PDCP layers, and the second layer is Non-Access Stratum (NAS, Non Access Stratum).
As a sub- embodiment of above-described embodiment, the bit group of the bit group of first modification and second modification belongs to the same PDCP PDU.
As one embodiment, the second layer and whether the first layer is identical to configure.
As one embodiment, the first layer is PDCP layers, and the lower layer is rlc layer.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A10. passes through the S1 interface first information;Or the first information is sent by air interface.
Wherein, the first information is used for the third operation and the 4th operation.
As one embodiment, the first information and the first service groups are associated.First service groups include one or more kinds of business.
As one embodiment, the first information includes the first security key, and first security key is configured by high level.
As one embodiment, first security key is KASME.
As one embodiment, the encryption is used for PDCP layers of signal radio bearer (SRB, Signaling Radio Bearer) and Data Radio Bearer (DRB, Data Radio Bearer).
As one embodiment, the integrity protection is used for PDCP layers of signal radio bearer (SRB, Signaling Radio Bearer).
As one embodiment, the second security key that the encryption needs is obtained from the first security key.
As one embodiment, second security key is KRRCenc.
As one embodiment, second security key is KUPenc.
As one embodiment, the third security key that the integrity protection needs is obtained from the first security key.
As one embodiment, the third security key is KRRCint.
As one embodiment, the sender of the first information is to support 3GPP Rel-15 and the later base station equipment of version.
As one embodiment, the sender of the first information is base station equipment.
As one embodiment, the first information is carried in RRC signaling.
As one embodiment, the sender of the first information is user grouping system (UPS, User Packet System).
As one embodiment, the first information is carried in high-level signaling.
As one embodiment, the first information and a S1 signaling are related.
As one embodiment, the sender of the S1 signaling is user grouping system (UPS, User Packet System).
As one embodiment, the first information is generated in the NAS layer of network side equipment.
As one embodiment, the first information is generated in the second layer of network side equipment.
As one embodiment, the first information generates in user grouping system (UPS, User Packet System).
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A11. passes through the second information of S1 interface;Or the second information is sent by air interface.
Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, above-mentioned aspect ensures that base station can take correct operation to the bit group of first modification and the bit group of second modification, avoids base station and executes the 4th operation to the bit group of second modification.
As one embodiment, second information and the first service groups are associated.First service groups include one or more kinds of business.
As one embodiment, second information is applied to the first radio bearer.First bit group and second bit group are transmitted in first radio bearer.
As one embodiment, second information is carried in RRC signaling.
As one embodiment, second information is generated by base station equipment.
As one embodiment, second information is generated in the second layer of network side equipment.
As one embodiment, second information is generated in the NAS layer of network side equipment.
As one embodiment, second information is generated in the PDCP layer of network side equipment.
As one embodiment, second information is carried in high-level signaling.
As one embodiment, second information is related to a S1 signaling.
As one embodiment, second information indicates the first layer and the second layer is all PDCP layers.
As one embodiment, second information indicates the first layer and the second layer is all NAS layers.
Specifically, according to an aspect of the present invention, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
As one embodiment, first service groups are a network slices.
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, and the second layer is Non-Access Stratum.
The invention discloses a kind of methods in non-access net equipment, wherein includes the following steps:
Step A. executes the 4th operation in { third operation, the 4th operation } in the second layer.
Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
As one embodiment, the first layer is by the plant maintenance except the non-access net equipment.
As one embodiment, the first layer is by base station maintenance.
As a sub- embodiment, 3GPP Rel-15 is supported in the base station.
As one embodiment, connected between the first layer and the second layer by S1 interface.
As one embodiment, first bit group is Internet Communication Protocol (IP, Internet Protocol) header, second bit group is Internet Communication Protocol (IP, Internet Protocol) packet Payload (load).
As a sub- embodiment of above-described embodiment, the bit group of second modification is a PDCP SDU
As one embodiment, the non-access net equipment is equipment of the core network.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A1. receives the bit group of the first bit group and the second modification from first layer.
Wherein, the third operation is performed in the first layer.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A0. sends the first information by S1 interface.
Wherein, the first information is used for the third operation and the 4th operation.
As one embodiment, the first information and a S1 signaling are related.
As one embodiment, the first information is carried in Non-Access Stratum (NAS, Non Access Stratum) information.
Specifically, according to an aspect of the present invention, which is characterized in that the step A further includes following steps:
Step A2. sends the second information by S1 interface.
Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, second information is related to a S1 signaling.
As one embodiment, second information is carried in Non-Access Stratum (NAS, Non Access Stratum) information.
Specifically, according to an aspect of the present invention, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
As one embodiment, for different business, above-mentioned aspect is able to satisfy variable qos requirement and safety requirements
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, institute Stating the second layer is Non-Access Stratum.
The invention discloses a kind of user equipmenies that be used to wirelessly communicate, wherein including following module:
First processing module: for executing the second operation in the second layer;
Second processing module: for executing the first operation in first layer
Wherein, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.
As one embodiment, the above-mentioned user equipment that be used to wirelessly communicate is characterized in that:
First processing module described in-is also used to transmit the bit group of the first bit group and second modification from the second layer to the first layer;
Second processing module described in-is also used to transmit the first bit set to lower layer from the first layer.
Wherein, first bit set includes the bit group of first modification and the bit group of second modification.
As one embodiment, the above-mentioned user equipment that be used to wirelessly communicate is characterized in that the first processing module is also used to receive the first information.Wherein, the first information is used for first operation and second operation.
As one embodiment, the above-mentioned user equipment that be used to wirelessly communicate is characterized in that: the first processing module is also used to receive the second information.Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, the above-mentioned user equipment that be used to wirelessly communicate is characterized in that, first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, and the second layer is Non-Access Stratum.
The invention discloses a kind of base station equipments that be used to wirelessly communicate, wherein including following module:
Third processing module: for executing the third operation in { third operation, the 4th operation } in first layer.
Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
As one embodiment, the above-mentioned base station equipment that be used to wirelessly communicate is characterized in that the third processing module is also used to receive the first bit set from lower layer and transmit the bit group of (Deliver) first bit group and second modification to the second layer.Wherein, first bit set includes the bit group of first modification and the bit group of second modification.4th operation is performed in the second layer.
As one embodiment, the above-mentioned base station equipment that be used to wirelessly communicate is characterized in that the third processing module is also used to through the S1 interface first information;Or the first information is sent by air interface.Wherein, the first information is used for the third operation and the 4th operation.
As one embodiment, the above-mentioned base station equipment that be used to wirelessly communicate is characterized in that the third processing module is also used to through the second information of S1 interface;Or the second information is sent by air interface.Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, the above-mentioned base station equipment that be used to wirelessly communicate is characterized in that, first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, and the second layer is Non-Access Stratum.
The invention discloses a kind of non-access net equipment, wherein including following module:
Fourth processing module: for executing the 4th operation in { third operation, the 4th operation } in the second layer.
Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit of first modification Group corresponds to the same protocol Data Unit with the bit group of second modification.
As one embodiment, above-mentioned non-access net equipment is characterized in that, the fourth processing module is also used to receive the bit group of the first bit group and the second modification from first layer.Wherein, the third operation is performed in the first layer.
As one embodiment, above-mentioned non-access net equipment is characterized in that, the fourth processing module is also used to send the first information by S1 interface.Wherein, the first information is used for the third operation and the 4th operation.
As one embodiment, above-mentioned non-access net equipment is characterized in that, the fourth processing module is also used to send the second information by S1 interface.Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
As one embodiment, above-mentioned non-access net equipment is characterized in that, first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
Specifically, according to an aspect of the present invention, which is characterized in that the first layer is PDCP layers, and the second layer is Non-Access Stratum.
As one embodiment, existing public technology is compared, the present invention has following technical advantage:
- meets the safety requirements to different business by carrying out encrypting the qos requirement for meeting different business the header of data packet with different entities is supported on;
- is decompressed by the header of designation date packet with the encryption of some entity transmitting terminal of user equipment, help base station side entity receiving end is supported on;
- reduces the delay of access net;
- reduces the risk that access net is given away secrets, and improves the safety of transmission.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, other features, objects, and advantages of the present invention will become more apparent:
Fig. 1 shows the schematic diagram of the first operation according to an embodiment of the invention;
Fig. 2 shows the schematic diagrames of third according to an embodiment of the invention operation;
Fig. 3 shows the schematic diagram of the second operation according to an embodiment of the invention;
Fig. 4 shows the schematic diagram of the 4th operation according to an embodiment of the invention;
Fig. 5 shows the schematic diagram of the first operation and third operation according to an embodiment of the invention;
Fig. 6 shows the schematic diagram of the second operation and the 4th operation according to an embodiment of the invention;
Fig. 7 shows the flow chart of upstream data according to an embodiment of the invention sent and received;
Fig. 8 shows the flow chart of the transmission of upstream data according to an embodiment of the invention;
Fig. 9 shows the received flow chart of upstream data according to an embodiment of the invention;
Figure 10 shows the schematic diagram of the first bit set according to an embodiment of the invention;
Figure 11 shows the schematic diagram of network slice according to an embodiment of the invention;
Figure 12 shows the structural block diagram of the processing unit in UE according to an embodiment of the invention;
Figure 13 shows the structural block diagram of the processing unit in base station according to an embodiment of the invention;
Figure 14 shows the structural block diagram of the processing unit in equipment of the core network according to an embodiment of the invention.
Specific embodiment
Technical solution of the present invention is described in further detail below in conjunction with attached drawing, it should be noted that in the absence of conflict, the feature in embodiments herein and embodiment can be arbitrarily combined with each other.
Embodiment 1
Embodiment 1 illustrates the schematic diagram of the first operation, as shown in Fig. 1.
In embodiment 1, the first bit group becomes the bit group of the first modification after the first operation.First bit group and the bit group of first modification respectively include positive integer bit.First operation includes at least one of { compression, encryption, integrity protection }.
As one embodiment, first bit group is IP header.First operation is performed in the PDCP layer in UE.
As one embodiment, first operation includes { compression, encryption };Or the first operation packet Include { compression, encryption, integrity protection }.
As one embodiment, the bit group of first modification is that first bit group successively passes through the compression, is generated after the encryption and the integrity protection.
As one embodiment, the bit group of first modification is that first bit group successively generates after the compression and the encryption.
As one embodiment, the quantity of bit of first bit group after overcompression is less than the quantity of the bit in first bit group.
As one embodiment, the compression is robust header compression (ROHC, Robust Header Compression).
As one embodiment, the compression is using exemplary compression algorithm in the table 5.5.1.1 in 3GPP TS36.323.
As one embodiment, the encryption is used to ensure that data keep secret between originator and receiving end.
As one embodiment, the encryption is to add to cover using a string of key pair initial data.
It is described plus to cover be that two data do xor operation as one embodiment.
As one embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As one embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As one embodiment, a string of keys include PDCP sequence number (PDCP SN).
As one embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the encryption is using Encryption Algorithm described in TS36.323.
As one embodiment, the integrity protection refers to: being added by Message Authentication Code-integrality (MAC-I, Message Authentication Code-Integrity) and data and covers realization.
As one embodiment, the Message Authentication Code-integrality is realized by protection algorithm integrallty.
As one embodiment, the input parameter of the integral algorithm protection includes Hyper Frame Number (HFN, Hyper Frame Number).
As one embodiment, the input parameter of the integral algorithm protection includes radio bearer identification (Radio Bearer ID).
As one embodiment, the input parameter of the integral algorithm protection includes PDCP sequence number (PDCPSN).
As one embodiment, the input parameter of the protection algorithm integrallty includes the first security key.
As one embodiment, the input parameter of the protection algorithm integrallty includes data.
As one embodiment, first operation is to be performed in a user device.
As one embodiment, first operation is realized by the software program in user equipment.
Embodiment 2
Embodiment 2 illustrates the schematic diagram of third operation, as shown in Fig. 2.
In embodiment 2, the bit group of the first modification becomes the first bit group after third operation.First bit group and the bit group of first modification respectively include positive integer bit.The third operation includes at least one of { decompression, decryption, integrity verification }.
As one embodiment, first bit group is IP header.It is performed in the PDCP layer of the third operation in a base station.
As one embodiment, the third operation includes { decompression, decryption };Or the third operation includes { decompression, decryption, integrity verification }.
As one embodiment, first bit group is that the bit group of first modification successively passes through the integrity verification, is generated after the decryption and the decompression.
As one embodiment, first bit group is that the bit group of first modification successively generates after the decryption and the decompression.
As one embodiment, first bit group is less than the quantity of the bit in first bit group in the quantity of the bit before decompression.
As one embodiment, for the decompression, the bit number of output data is greater than the bit number of input data.
As one embodiment, the decompression be compare original header and compressed header compressed before header.
As one embodiment, the decompression is the inverse operation to robust header compression (ROHC, Robust Header Compression) algorithm.
As one embodiment, the decompression is the inverse operation to exemplary compression algorithm in TS36.323 table 5.5.1.1.
As one embodiment, the decryption is that initial data and a string of keys go to cover.
As a sub- embodiment, described to go to cover be that data and mask do or operate.
As a sub- embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As a sub- embodiment, a string of keys include PDCP sequence number (PDCP SN).
As a sub- embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the decryption is the decipherment algorithm of TS36.323 description.
As one embodiment, the integrity verification is realized by comparing X Message Authentication Code-integrality (XMAC-I, Message Authentication Code-Integrity) and Message Authentication Code-integrality.
As a sub- embodiment, the X Message Authentication Code-integrality is consistent with Message Authentication Code-integrality, then integrity verification passes through, on the contrary then do not pass through.
As a sub- embodiment, the X Message Authentication Code-integrality is realized by integrity verification algorithm.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes radio bearer identification (Radio Bearer ID).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes PDCP sequence number (PDCP SN).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes the first security key.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes data.
As one embodiment, the third operation is performed in base station equipment.
As one embodiment, the third operation is realized by the software program in base station equipment.
Embodiment 3
Embodiment 3 illustrates the schematic diagram of the second operation, as shown in Fig. 3.
In embodiment 3, the second bit group becomes the bit group of the second modification after the second operation.Second bit group and the bit group of second modification respectively include positive integer bit.Second operation includes at least one of { encryption, integrity protection }.
As one embodiment, second bit group is IP load.Second operation is performed in the NAS in UE.
As one embodiment, second operation includes encryption;Or second operation includes { encryption, integrity protection }.
As one embodiment, the bit group of second modification is described in second bit group is successively passed through It is generated after encryption and the integrity protection.
As one embodiment, the bit group of second modification is second bit group by generating after the encryption.
As one embodiment, the encryption is used to ensure that data keep secret between originator and receiving end.
As one embodiment, the encryption is to add to cover using a string of key pair initial data.
It is described plus to cover be that two data do xor operation as one embodiment.
As one embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As one embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As one embodiment, a string of keys include PDCP sequence number (PDCP SN).
As one embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the encryption is using Encryption Algorithm described in TS36.323.
As one embodiment, the integrity protection refers to: being added by Message Authentication Code-integrality (MAC-I, Message Authentication Code-Integrity) and data and covers realization.
As one embodiment, the Message Authentication Code-integrality is realized by protection algorithm integrallty.
As one embodiment, the input parameter of the integral algorithm protection includes Hyper Frame Number (HFN, Hyper Frame Number).
As one embodiment, the input parameter of the integral algorithm protection includes radio bearer identification (Radio Bearer ID).
As one embodiment, the input parameter of the integral algorithm protection includes PDCP sequence number (PDCP SN).
As one embodiment, the input parameter of the protection algorithm integrallty includes the first security key.
As one embodiment, the input parameter of the protection algorithm integrallty includes data.
As one embodiment, second operation is to be performed in a user device.
As one embodiment, second operation is realized by the software program in user equipment.
Embodiment 4
Embodiment 4 illustrates the schematic diagram of the 4th operation, as shown in Fig. 4.
In embodiment 4, the bit group of the second modification becomes the second bit group after the 4th operation.Second bit group and the bit group of second modification respectively include positive integer bit.4th operation includes at least one of { decryption, integrity verification }.
As one embodiment, second bit group is IP load.4th operation is performed in the NAS in equipment of the core network.
As one embodiment, the 4th operation includes decryption;Or the 4th operation includes { decryption, integrity verification }.
As one embodiment, second bit group is that the bit group of second modification successively generates after the integrity verification and the decryption.
As one embodiment, second bit group is the bit group of second modification by generating after the decryption.
As one embodiment, the decryption is that initial data and a string of keys go to cover.
As a sub- embodiment, described to go to cover be that data and mask do or operate.
As a sub- embodiment, a string of keys include Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, a string of keys include radio bearer identification (Radio Bearer ID).
As a sub- embodiment, a string of keys include PDCP sequence number (PDCP SN).
As a sub- embodiment, a string of keys are broadcast including the first security key.
As one embodiment, the decryption is the decipherment algorithm of TS36.323 description.
As one embodiment, the integrity verification is realized by comparing X Message Authentication Code-integrality (XMAC-I, Message Authentication Code-Integrity) and Message Authentication Code-integrality.
As a sub- embodiment, the X Message Authentication Code-integrality is consistent with Message Authentication Code-integrality, then integrity verification passes through, on the contrary then do not pass through.
As a sub- embodiment, the X Message Authentication Code-integrality is realized by integrity verification algorithm.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes Hyper Frame Number (HFN, Hyper Frame Number).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes radio bearer identification (Radio Bearer ID).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes PDCP sequence number (PDCP SN).
As a sub- embodiment, the input parameter of the integrity verification algorithm includes the first security key.
As a sub- embodiment, the input parameter of the integrity verification algorithm includes data.
As one embodiment, the 4th operation is performed in non-access net equipment i.e. equipment of the core network.
As one embodiment, the 4th operation is realized by the software program in equipment of the core network.
Embodiment 5
Embodiment 5 illustrates the schematic diagram of the first operation and third operation, as shown in Fig. 5.
In embodiment 5, first operation include in { compression, encryption, integrity protection } at least the above two, the third operation include in { integrity verification is decrypted, decompression } at least after both.
In embodiment 5, the compression and the decompression inverse operation each other, the encryption and the decryption inverse operation each other, the integrity protection and the integrity verification inverse operation each other.
As one embodiment, first operation and third operation are performed in UE and base station respectively.
As one embodiment, first operation and third operation are performed in the PDCP layer of the PDCP layer of UE He base station respectively.
As one embodiment, first operation and third operation are performed in the layer of the equity of UE and base station respectively.
Embodiment 6
Embodiment 6 illustrates the schematic diagram of the second operation and the 4th operation, as shown in Fig. 6.
In embodiment 6, second operation include in { encryption, integrity protection } at least the former, the 4th operation includes at least the latter in { integrity verification, decryption }.
In embodiment 6, the encryption and the decryption inverse operation each other, the integrity protection and the integrity verification inverse operation each other.
As one embodiment, second operation and the 4th operation are performed in UE and equipment of the core network respectively.
As one embodiment, second operation and the 4th operation are performed in the NAS of the NAS of UE and equipment of the core network respectively.
As one embodiment, first operation and third operation are performed in the layer of the equity of UE and equipment of the core network respectively.
Embodiment 7
Embodiment 7 illustrates the flow chart of upstream data sent and received, as shown in Fig. 7.It is attached In Fig. 7, step S31 is optional.
In embodiment 7, UE safeguards lower layer C0, first layer C1, second layer C2;Base station maintenance lower layer D0 and first layer D1;Equipment of the core network safeguards second layer D2.
In step slo, second layer C2 executes the second operation, transmits the bit group of the first bit group and second modification to the first layer C1;In step s 11, first layer C1 executes the first operation, and the first bit set of transmitting gives lower layer C0.
In the step s 21, first layer D1 receives the first bit set from lower layer D0, and first layer D1 executes third operation;In step S20, first layer D1 transmits the first bit group and the bit group of second modification gives second layer D2, second layer D2 to execute the 4th operation.
In embodiment 7, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.The bit group of first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification belong to the same protocol Data Unit.First bit set includes the bit group of first modification and the bit group of second modification.
As one embodiment, the protocol Data Unit is PDCP PDU.
As one embodiment, in step S31, second layer D2 sends the target information and gives second layer C2.
As a sub- embodiment of above-described embodiment, the data channel between second layer D2 and second layer C2 includes { first layer D1, lower layer D0, wireless channel, lower layer C0, first layer C1 }.
As one embodiment, the target information include the present invention in the first information, the present invention in second information at least one of.
As one embodiment, the target information is carried by RRC signaling.
As one embodiment, the target information is carried by NAS information.
Respectively include rlc layer as one embodiment, lower layer C0, first layer C1, second layer C2, lower layer D0 and first layer D1 and second layer D2, PDCP layers, NAS, rlc layer, PDCP layers and NAS。
As a sub- embodiment of above-described embodiment, first layer C1 further includes RRC (Radio Resource Control, wireless heterogeneous networks) layer, and first layer D1 further includes rrc layer.
As a sub- embodiment of above-described embodiment, lower layer D0 further includes MAC (Media Access Control, media intervention control) layer and physical layer, lower layer C0 further include MAC layer and physical layer.
As one embodiment, connected between the equipment of the core network and the base station by S1 interface.
As one embodiment, the bit group of the bit group of first modification and second modification belongs to the same PDCP PDU.
Embodiment 8
Embodiment 8 illustrates the flow chart of the transmission of upstream data, as shown in Fig. 8.In attached drawing 8, the second layer, first layer and lower layer are safeguarded by UE.
In embodiment 8, transmitting (Diliver) is to lower layer after the second layer executes the second operation to the latter come in { the first bit group, the second bit group };First layer to from the second layer the first bit group, and second modification bit group in the former carry out the first operation after pass to lower layer;First layer by from the second layer second modification bit group it is transparent pass to lower layer.The bit group of first modification and the bit group of second modification belong to a high level PDU.
As one embodiment, the lower layer is rlc layer.
As one embodiment, the first layer include { PDCP layers, rrc layer } at least the former, the second layer is NAS.
As one embodiment, the second information in the present invention is used for determining:
First layer described in-and the second layer are PDCP layers and NAS respectively;Or
First layer described in-and the second layer belong to PDCP layers;Or
First layer described in-and the second layer belong to NAS.
Embodiment 9
Embodiment 9 illustrates the received flow chart of upstream data, as shown in Fig. 9.In attached drawing 9, lower layer is by base station maintenance.
In embodiment 9, first layer receives the bit group of the first modification from lower layer and the bit group of the second modification;First layer executes third operation to the bit group of the first modification therein, therein second The bit group of modification it is transparent pass to the second layer;The second layer executes the 4th operation to the bit group of second modification received.The bit group of first modification and the bit group of second modification belong to a high level PDU.
As one embodiment, the lower layer is rlc layer.
As one embodiment, the first layer and the second layer are PDCP layers and NAS respectively, and the first layer and the second layer are safeguarded by base station and UPS respectively.
As one embodiment, the second information in the present invention is used for determining:
First layer described in-and the second layer are PDCP layers and NAS respectively;Or
First layer described in-and the second layer belong to PDCP layers;Or
First layer described in-and the second layer belong to NAS.
Embodiment 10
Embodiment 10 illustrates the schematic diagram of the first bit set, as shown in Fig. 10.
In embodiment 10, first bit set is by third bit group, and the bit group of the bit group of the first modification and the second modification successively cascades.
As one embodiment, first bit set is a PDCP PDU, and the third bit group includes PDCP header (Header).
Embodiment 11
Embodiment 11 illustrates the schematic diagram of network slice, as shown in Fig. 11.In attached drawing 11, given RAT (Radio Access Technology, wireless access technology) includes three network slices, and shown network slice #1 corresponds to user type #1, shown network slice #2 corresponds to user type #2, and shown network slice #3 corresponds to user type #3.Shown network slice #1 corresponds to service groups #1, and shown network slice #2 corresponds to service groups #2, and shown network slice #3 corresponds to service groups #3.
As one embodiment, the user type #1 is directed to mobile broadband user.
As one embodiment, the user type #2 is directed to general IOT (Internet of Things, Internet of Things) user.
As one embodiment, the user type #3 is directed to the IOT user of specific demand.
As one embodiment, the corresponding medical class IOT user of the IOT user of the specific demand.
As one embodiment, the IOT user of the specific demand corresponds to car networking IOT user.
As one embodiment, the IOT user of the specific demand corresponds to industrial robot IOT user.
As a sub- embodiment, the service groups #1 includes at least one of { wireless communication, internet } business.
As a sub- embodiment, the service groups #2 includes at least one of { logistics, agricultural are meteorological } business.
As a sub- embodiment, the service groups #3 includes at least one of { automatic Pilot, industry manufacture } business.
As a sub- embodiment, the given RAT is the RAT based on 5G technology.
As a sub- embodiment, the given RAT is the RAT based on NR (New Radio, new wireless) technology.
Embodiment 12
Embodiment 12 illustrates the structural block diagram of the processing unit in a UE, as shown in Fig. 12.In attached drawing 12, UE processing unit 100 is mainly made of first processing module 101 and Second processing module 102.
First processing module 101 is used to execute the second operation in the second layer;Second processing module 102 is used to execute the first operation in first layer
In embodiment 12, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.
As one embodiment, the first processing module 101 is also used at least one of:
Step A10. receives the first information.
Step A11. receives the second information.
Wherein, the first information is used for first operation and second operation.Second information is used for determining that first operation and second operation are performed in the first layer and the second layer respectively.The first layer includes PDCP layers, and the second layer is NAS.
As one embodiment, the first processing module 101 is also used to transmit the first ratio from the second layer Spy's group and the bit group of second modification give the first layer;The Second processing module 102 is also used to transmit the first bit set to lower layer from the first layer.Wherein, first bit set includes the bit group of first modification and the bit group of second modification.
As one embodiment, first bit block is IP header, and second bit block is IP load.
Embodiment 13
Embodiment 13 illustrates the structural block diagram of the processing unit in a base station, as shown in Fig. 13.In attached drawing 13, base station processing unit 200 is mainly made of third processing module 201.
The third processing module 201 is used to execute the third operation in { third operation, the 4th operation } in first layer.
In embodiment 13, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
As one embodiment, the third processing module 201 is also used to:
- receives the first bit set from lower layer
- transmits the bit group of the first bit group and second modification to the second layer.
Wherein, first bit set includes the bit group of first modification and the bit group of second modification.4th operation is performed in the second layer.The second layer is safeguarded by equipment of the core network.
As one embodiment, the third processing module 201 is also used at least one of:
Step A10. passes through the S1 interface first information;And the first information is sent by air interface.
Step A11. passes through the second information of S1 interface;Or the second information is sent by air interface.
Wherein, the first information is used for the third operation and the 4th operation.Second information is used for determining the first layer and the second layer;Or second information is used for determining whether { first layer, the second layer } be identical.
Embodiment 14
Embodiment 14 illustrates the structural block diagram of the processing unit in core king's equipment, as shown in Fig. 14.In attached drawing 14, the processing unit 300 of equipment of the core network is mainly made of fourth processing module 301.
The fourth processing module 301 is used to execute the 4th operation in { third operation, the 4th operation } in the second layer.
In embodiment 14, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same PDCP PDU.
As one embodiment, the fourth processing module 301 is also used to:
- receives the bit group of the first bit group and the second modification from first layer.
Wherein, the third operation is performed in the first layer.The first layer is by base station apparatus maintenance.
As one embodiment, the fourth processing module 301 is also used at least one of:
- sends the first information by S1 interface;
- sends the second information by S1 interface.
Wherein, the first information is used for the third operation and the 4th operation.Second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.The second layer is NAS, and the first layer is PDCP layers.The first information is that network slice (Slice) is specific.Second information is that network slice (Slice) is specific.
Those of ordinary skill in the art will appreciate that all or part of the steps in the above method can instruct related hardware to complete by program, described program be can store in computer readable storage medium, such as read-only memory, hard disk or CD etc..Optionally, one or more integrated circuit can be used also to realize in all or part of the steps of above-described embodiment.Correspondingly, each modular unit in above-described embodiment, can be realized using example, in hardware, can also realize that the application is not limited to the combination of the software and hardware of any particular form by the form of software function module.UE and terminal in the present invention include but is not limited to RFID, internet-of-things terminal equipment, MTC (Machine Type Communication, machine type communication) terminal, vehicular communication equipment, wireless sensor, card of surfing Internet, mobile phone, tablet computer, the wireless telecom equipments such as notebook.Base station in the present invention, base station equipment and network side equipment include but is not limited to macrocell base stations, microcell base station, Home eNodeB, the wireless telecom equipments such as relay base station.
The foregoing is only a preferred embodiment of the present invention, is not intended to limit the scope of the present invention.All within the spirits and principles of the present invention, any modification made, equivalent replacement, improve etc., it should all be included in the protection scope of the present invention.

Claims (20)

  1. A method of in the user equipment that be used to wirelessly communicate, wherein include the following steps:
    Step A. executes the second operation in the second layer;
    Step B. executes the first operation in first layer
    Wherein, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.
  2. The method according to claim 1, wherein the step A further includes following steps A1, the step B further includes following steps B1:
    Step A1. transmits the bit group of the first bit group and second modification to the first layer from the second layer;
    Step B1. transmits the first bit set to lower layer from the first layer.
    Wherein, first bit set includes the bit group of first modification and the bit group of second modification.
  3. According to claim 1, method described in 2, which is characterized in that the step A further includes following steps:
    Step A10. receives the first information.
    Wherein, the first information is used for first operation and second operation.
  4. Method according to claim 1 to 3, which is characterized in that the step A further includes following steps:
    Step A11. receives the second information.
    Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
  5. Method described in -4 according to claim 1, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
  6. Method described in -5 according to claim 1, which is characterized in that the first layer is packet data convergence protocol, and the second layer is Non-Access Stratum.
  7. A method of in the base station equipment that be used to wirelessly communicate, wherein include the following steps:
    Step A. executes the third operation in { third operation, the 4th operation } in first layer.
    Wherein, the bit group of the first modification is used for the input of third operation, and the first bit group is described the The output of three operations;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
  8. The method according to the description of claim 7 is characterized in that the step A further includes following steps:
    Step A1. receives the first bit set from lower layer;The bit group of the first bit group and second modification is transmitted to the second layer.
    Wherein, first bit set includes the bit group of first modification and the bit group of second modification.4th operation is performed in the second layer.
  9. According to claim 7, method described in 8, which is characterized in that the step A further includes following steps:
    Step A10. passes through the S1 interface first information;Or the first information is sent by air interface.
    Wherein, the first information is used for the third operation and the 4th operation.
  10. According to claim 7, method described in 8,9, which is characterized in that the step A further includes following steps:
    Step A11. passes through the second information of S1 interface;Or the second information is sent by air interface.
    Wherein, second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
  11. According to method described in claim 7-10, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
  12. According to method described in claim 7-11, which is characterized in that the first layer is packet data convergence protocol, and the second layer is Non-Access Stratum.
  13. A kind of method in non-access net equipment, wherein include the following steps:
    Step A. executes the 4th operation in { third operation, the 4th operation } in the second layer.
    Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
  14. According to the method for claim 13, which is characterized in that the step A further includes following steps:
    Step A1. receives the bit group of the first bit group and the second modification from first layer.
    Wherein, the third operation is performed in the first layer.
  15. Method described in 3,14 according to claim 1, which is characterized in that the step A further includes at least one of following steps:
    Step A0. sends the first information by S1 interface;
    Step A2. sends the second information by S1 interface.
    Wherein, the first information is used for the third operation and the 4th operation.Second information is used for determining at least the latter in { first layer, the second layer };Or second information is used for determining whether { first layer, the second layer } be identical.
  16. Method described in 3-15 according to claim 1, which is characterized in that first bit group and corresponding first service groups of second bit group, first service groups include one or more kinds of business.
  17. Method described in 3-16 according to claim 1, which is characterized in that the first layer is packet data convergence protocol, and the second layer is Non-Access Stratum.
  18. A kind of user equipment that be used to wirelessly communicate, wherein including following module:
    First processing module: for executing the second operation in the second layer;
    Second processing module: for executing the first operation in first layer
    Wherein, the first bit group is used for the input of first operation, and the bit group of the first modification is the output of first operation;Second bit group is used for the input of second operation, and the bit group of the second modification is the output of second operation.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.It include positive integer bit in the bit group.First operation includes at least one of { compression, encryption, integrity protection }, and second operation includes at least one of { encryption, integrity protection }.
  19. A kind of base station equipment that be used to wirelessly communicate, wherein including following module:
    Third processing module: for executing the third operation in { third operation, the 4th operation } in first layer.
    Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
  20. A kind of non-access net equipment, wherein including following module:
    Fourth processing module: for executing the 4th operation in { third operation, the 4th operation } in the second layer.
    Wherein, the bit group of the first modification is used for the input of the third operation, and the first bit group is the output of the third operation;The bit group of second modification is used for the input of the 4th operation, and the second bit group is the output of the 4th operation.The third operation includes at least one of { decompression, decryption, integrity verification }, and the 4th operation includes at least one of { decryption, integrity verification }.The bit group of first modification and the bit group of second modification correspond to the same protocol Data Unit.
CN201780083603.4A 2017-03-19 2017-03-19 Method and device for uplink transmission Active CN110313164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210650071.0A CN115226099A (en) 2017-03-19 2017-03-19 Method and device for uplink transmission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/077196 WO2018170645A1 (en) 2017-03-19 2017-03-19 Method and device used for uplink transmission

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202210650071.0A Division CN115226099A (en) 2017-03-19 2017-03-19 Method and device for uplink transmission

Publications (2)

Publication Number Publication Date
CN110313164A true CN110313164A (en) 2019-10-08
CN110313164B CN110313164B (en) 2022-07-26

Family

ID=63583950

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201780083603.4A Active CN110313164B (en) 2017-03-19 2017-03-19 Method and device for uplink transmission
CN202210650071.0A Pending CN115226099A (en) 2017-03-19 2017-03-19 Method and device for uplink transmission

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202210650071.0A Pending CN115226099A (en) 2017-03-19 2017-03-19 Method and device for uplink transmission

Country Status (2)

Country Link
CN (2) CN110313164B (en)
WO (1) WO2018170645A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115226099A (en) * 2017-03-19 2022-10-21 上海朗帛通信技术有限公司 Method and device for uplink transmission

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119968824A (en) * 2022-10-31 2025-05-09 华为技术有限公司 Data transmission method and communication device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101755469A (en) * 2007-07-18 2010-06-23 交互数字技术公司 Implement the method and apparatus of Non-Access Stratum (MAS) fail safe in the Long Term Evolution wireless device
CN102158901A (en) * 2011-02-16 2011-08-17 大唐移动通信设备有限公司 Method for performing terminal operation configuration at network side and network side device
US20160073265A1 (en) * 2014-09-08 2016-03-10 Blackberry Limited Method and Apparatus for Authenticating a Network Entity Using Unlicensed Wireless Spectrum
CN106375992A (en) * 2015-07-20 2017-02-01 中兴通讯股份有限公司 Method for realizing access layer security, user equipment, and node

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU759377B2 (en) * 1999-12-27 2003-04-10 Mitsubishi Denki Kabushiki Kaisha Radio communication device and radio communication method
US10075881B2 (en) * 2013-04-02 2018-09-11 Lg Electronics Inc. Method for performing a cell change procedure in a wireless communication system and a device therefor
CN104753627A (en) * 2013-12-26 2015-07-01 中兴通讯股份有限公司 Multipath transmission method, multipath transmission system, data transmission device and data receiving device
US20150280905A1 (en) * 2014-04-01 2015-10-01 Telefonaktiebolaget L M Ericsson (Publ) Method and apparatus for detecting and correcting pdcp hyper frame number (hfn) desynchronization
US9538421B1 (en) * 2015-06-25 2017-01-03 Qualcomm Incorporated Adaptive ROHC state transition
CN106385676A (en) * 2016-08-31 2017-02-08 国网河南省电力公司开封供电公司 Safety encryption electric power wireless communication system
CN110313164B (en) * 2017-03-19 2022-07-26 上海朗帛通信技术有限公司 Method and device for uplink transmission

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101755469A (en) * 2007-07-18 2010-06-23 交互数字技术公司 Implement the method and apparatus of Non-Access Stratum (MAS) fail safe in the Long Term Evolution wireless device
CN102158901A (en) * 2011-02-16 2011-08-17 大唐移动通信设备有限公司 Method for performing terminal operation configuration at network side and network side device
US20160073265A1 (en) * 2014-09-08 2016-03-10 Blackberry Limited Method and Apparatus for Authenticating a Network Entity Using Unlicensed Wireless Spectrum
CN106375992A (en) * 2015-07-20 2017-02-01 中兴通讯股份有限公司 Method for realizing access layer security, user equipment, and node

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115226099A (en) * 2017-03-19 2022-10-21 上海朗帛通信技术有限公司 Method and device for uplink transmission

Also Published As

Publication number Publication date
CN110313164B (en) 2022-07-26
WO2018170645A1 (en) 2018-09-27
CN115226099A (en) 2022-10-21

Similar Documents

Publication Publication Date Title
JP6825689B2 (en) Distributed unit
KR101831448B1 (en) Method of selectively applying a pdcp function in wireless communication system
CN113273236B (en) Media Access Control Security
WO2019153994A1 (en) Security negotiation method and apparatus
WO2018137351A1 (en) Method, relevant device and system for processing network key
CN113411308A (en) Authentication mechanism for 5G technology
CN108366369A (en) A kind of method and access net, terminal, equipment of the core network of data security transmission
CN110024427B (en) Method, apparatus and computer readable medium for updating security keys
CN115769614A (en) Slice-specific security requirement information
CN101155026A (en) Communication security protection method and device
US20220030425A1 (en) Methods and systems for deriving cu-up security keys for disaggregated gnb architecture
CN114930890B (en) Integrity protection method and communication device
JP2012010254A (en) Communication device, communication method and communication system
CN104969578A (en) Data transmission method, device and system
KR20150055004A (en) Streaming alignment of key stream to unaligned data stream
KR20160044853A (en) A method and apparatus for data transmission and reception of Machine Type Communication devices in mobile communication
US20240305994A1 (en) Methods, infrastructure equipment and communications devices
CN110313164A (en) A kind of method and apparatus for uplink
US9241273B2 (en) Methods, apparatuses and computer program products for configuration of signaling radio bearers
CN115550924B (en) A communication method and device
CN108966217A (en) A kind of secret communication method, mobile terminal and secrecy gateway
CN110268797A (en) A kind of method and apparatus for downlink transfer
EP2901795B1 (en) Methods and apparatuses for signaling radio bearer transmission in a heterogenous network
CN102892112A (en) Decryption device and method for radio resource control (RRC) signaling
KR20230047837A (en) Method, apparatus, and system for user plane security in a communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20210914

Address after: Room A2117, Building B, 555 Dongchuan Road, Minhang District, Shanghai, 200240

Applicant after: SHANGHAI LANGBO COMMUNICATION TECHNOLOGY Co.,Ltd.

Address before: 226300 266 Century Avenue, Nantong hi tech Zone, Nantong, Jiangsu

Applicant before: NANTONG LANGHENG COMMUNICATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant